Module: Sequel::Plugins::Privacy::InstanceMethods

Extended by:
T::Helpers, T::Sig
Defined in:
lib/sequel/plugins/privacy.rb

Instance Method Summary

Instance Method Details

#allow?(vc, action, direct_object = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sequel/plugins/privacy.rb', line 602

# Decides whether +vc+ may perform +action+ on this record.
#
# The policy list is looked up under +action+ in the privacy class's
# privacy_policies. A missing entry is treated as a denial (fail closed):
# the gap is reported to Sequel::Privacy.logger, when one is configured,
# and false is returned without consulting the enforcer.
#
# @param vc the viewer context the decision is made for
# @param action the key used to find the policy list in privacy_policies
# @param direct_object optional extra object handed to the enforcer
# @return [Boolean] false when no policies exist for +action+, otherwise
#   whatever Sequel::Privacy::Enforcer.enforce returns
def allow?(vc, action, direct_object = nil)
  policies = _privacy_class.privacy_policies[action]
  return Sequel::Privacy::Enforcer.enforce(policies, self, vc, direct_object) if policies

  # Deny by default: an action with no policy list is never allowed.
  Sequel::Privacy.logger&.error("No policies defined for :#{action} on #{self.class}")
  false
end

#for_vc(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 590

# Attaches +vc+ as this instance's viewer context and returns the instance,
# so the call can be chained.
#
# The receiver is mutated in place; no copy is made, so every holder of this
# object sees the new context afterwards.
#
# @param vc [Sequel::Privacy::ViewerContext, nil] context to attach
# @return [self]
def for_vc(vc)
  # T.let is the Sorbet form that declares the ivar as a nilable ViewerContext.
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
  self
end

#save(*opts) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 613

# Persists the record after checking the attached viewer context.
#
# Checks, in order:
# 1. An OmniscientVC is always refused for writes.
# 2. With a viewer context attached, the record-level policy must pass:
#    :create for a new record, :edit otherwise.
# 3. Every changed column that has an entry in privacy_fields must also pass
#    the policy named by that entry.
#
# With no viewer context attached, none of these checks run and the call goes
# straight to the parent implementation.
# NOTE(review): that nil path is fail-open for writes; confirm it is only
# reachable from trusted internal callers.
#
# @param opts [Array] forwarded unchanged to the parent save
# @raise [Sequel::Privacy::Unauthorized] for an OmniscientVC, or when the
#   record-level policy denies the write
# @raise [Sequel::Privacy::FieldUnauthorized] when a changed column's policy
#   denies the write
def save(*opts)
  current_vc = viewer_context

  omniscient = current_vc.is_a?(Sequel::Privacy::OmniscientVC)
  Kernel.raise Sequel::Privacy::Unauthorized, 'Cannot mutate with OmniscientVC' if omniscient

  # Bare `super` forwards the original arguments untouched.
  return super unless current_vc

  operation = new? ? :create : :edit
  unless allow?(current_vc, operation)
    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot #{operation} #{self.class}"
  end

  changed_columns.each do |column|
    field_policy = _privacy_class.privacy_fields[column]
    # Columns without a field policy are covered by the record-level check only.
    next if !field_policy || allow?(current_vc, field_policy)

    Kernel.raise Sequel::Privacy::FieldUnauthorized,
                 "Cannot modify #{self.class}##{column} (policy: #{field_policy})"
  end

  super
end

#update(hash) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 640

# Applies +hash+ to the record after checking the attached viewer context.
#
# With a viewer context attached, the record-level :edit policy must pass,
# and every key of +hash+ that has an entry in privacy_fields must pass the
# policy named by that entry. With no viewer context attached, no checks run
# and the call goes straight to the parent implementation.
#
# NOTE(review): the field lookup uses the hash keys exactly as given. If
# privacy_fields is keyed by column symbols, string keys or setter aliases
# would miss this pre-check; confirm the changed_columns check in #save is
# still reached when the parent update persists the change.
# NOTE(review): unlike #save, an OmniscientVC is not rejected here;
# presumably #save rejects it once the parent update persists. Confirm.
#
# @param hash [Hash] attribute names mapped to new values
# @raise [Sequel::Privacy::Unauthorized] when the :edit policy denies the write
# @raise [Sequel::Privacy::FieldUnauthorized] when a field policy denies the write
def update(hash)
  current_vc = viewer_context
  # Bare `super` forwards the original argument untouched.
  return super unless current_vc

  unless allow?(current_vc, :edit)
    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot edit #{self.class}"
  end

  hash.each_key do |attribute|
    field_policy = _privacy_class.privacy_fields[attribute]
    # Keys without a field policy are covered by the record-level check only.
    next if !field_policy || allow?(current_vc, field_policy)

    Kernel.raise Sequel::Privacy::FieldUnauthorized,
                 "Cannot modify #{self.class}##{attribute} (policy: #{field_policy})"
  end

  super
end

#viewer_context ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 580

# Returns the viewer context attached to this instance, or nil when none has
# been set.
#
# The self-assignment through T.let does not change the stored value; it is
# the Sorbet form that declares @viewer_context as a nilable ViewerContext.
#
# NOTE(review): #save and #update skip every policy check when this returns
# nil, so callers on untrusted paths need to attach a context first.
#
# @return [Sequel::Privacy::ViewerContext, nil]
def viewer_context
  @viewer_context = T.let(@viewer_context, T.nilable(Sequel::Privacy::ViewerContext))
end

#viewer_context=(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 585

# Attaches +vc+ as this instance's viewer context, replacing any previous one.
# Assigning nil detaches the context; #save and #update then run no policy
# checks for this instance.
#
# @param vc [Sequel::Privacy::ViewerContext, nil] context to attach
def viewer_context=(vc)
  # T.let is the Sorbet form that declares the ivar as a nilable ViewerContext.
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
end